Applies to Barracuda SSL VPN.
The Barracuda SSL VPN can be configured to authenticate to a VASCO server using the RADIUS feature of the product. Note that VASCO does not currently include a RADIUS server with its product; you will therefore need an external RADIUS server (e.g. FreeRADIUS) to provide the RADIUS component of this solution.
The following are the steps to set up the Barracuda SSL VPN to use Digipass Tokens for authentication:
- Configure an Authentication Scheme that uses RADIUS authentication as one of the authentication stages.
- Configure the RADIUS server in VACMAN Middleware.
- Add the Barracuda SSL VPN server to VACMAN as a RADIUS client.
- Create Users in VACMAN Middleware.
- Import Digipass Tokens into VACMAN Middleware.
- Assign Digipass Tokens to users.
- Test the authentication process.
Configuring an Authentication Scheme that uses RADIUS
To begin setting up Digipass Tokens for authentication, you must first configure an authentication scheme that uses RADIUS.
- Browse to Manage System > Advanced > Configuration and configure the RADIUS settings:
  - RADIUS Server – The IP address of the RSA Authentication Manager RADIUS server.
  - Authentication Port – The port on which the RADIUS server is listening for authentication requests.
  - Accounting Port – The port on which the RADIUS server is listening for accounting requests.
  - Shared Secret – The password that must be set on both the Barracuda SSL VPN appliance and the Authentication Manager.
  - Authentication Method – This should be set to PAP (Password Authentication Protocol) unless otherwise instructed.
  - Time out – Seconds to wait for a response from the server before timing out upon authentication.
  - Authentication Retries – Number of times to re-attempt a timed-out authentication request.
Configure the RADIUS server in VACMAN Middleware
You must now set up VACMAN to use RADIUS as well.
- In VACMAN Middleware, log on to your VACMAN server, expand the server tree and right-click on the RADIUS server’s node. Select New RADIUS Server to create the new server.
- Enter the relevant properties for the RADIUS server on your network and click OK.
- The VACMAN Server service may need to restart, and you may need to log back onto the server again. Once this is complete, the new RADIUS server details will be listed under the RADIUS Server node.
Add the Barracuda SSL VPN as a RADIUS client
The Barracuda SSL VPN must be registered with the VACMAN server as a RADIUS client.
- In order for your appliance to talk to the VACMAN server via RADIUS, it will need to be configured as a RADIUS client.
- Click ‘Create’ and the new RADIUS client will be created.
Create Users in VACMAN Middleware
You will need to create some users in the VACMAN Middleware server in order to authenticate them using the Digipass devices.
- Right-click on the ‘Users’ node and select ‘New User’.
- The new user dialog appears. Enter the relevant details and click ‘Create’.
- The new user is created and appears in the user list.
Importing Digipass Tokens to VACMAN
In order to authenticate your users using Digipass tokens, you will first need to import them into VACMAN Middleware.
- Right-click on the Digipass node and select ‘Import Digipass’.
- An import dialog will appear. You will now need to import the Digipass import file (a *.dpx file) for the relevant keys. Enter the 32-character hexadecimal number into the ‘Key’ field.
- Click ‘Import All Applications’ to import all records. You can alternatively pick just the relevant applications you wish to import by selecting ‘Import Selected Applications’. Click ‘Close’ when done.
- The import proceeds and you will see the imported tokens in the Digipass item list.
Assigning Digipass Tokens to Users
The last step of the Digipass configuration is to assign the Digipass tokens to the relevant users within VACMAN Middleware.
- In the Digipass list in the server tree, right-click on the appropriate Digipass token and select Assign.
- Enter the username in the User ID field and click Find to search for the user.
- Select the desired username and click OK to assign the Digipass token to this user.
Testing the Authentication Process
Once the RADIUS authentication is configured, verify the authentication process using your Digipass key fob.
- Enter your username when prompted.
- The second stage prompts you for your password – this is the password for the user database you have currently configured, e.g. Active Directory.
- If the password was accepted, a second password prompt will be shown. This prompt asks for the OTP displayed on the key fob. If you configured the key fob with a PIN, e.g. 4567, you will need to enter this followed by the token code displayed on the device. For example, if the device displays 157252 and your PIN is 4567, you should enter 4567157252 in this field.
- When successfully authenticated, you will be presented with the Favorites page.